"Steve Chang, the Chairman of Trend Micro, has kicked up a controversy by claiming that open source software is inherently less secure. When talking about the security of smartphones, Chang claimed that the iPhone is more secure than Android because being an open-source platform, attackers know more about the underlying architecture."

If you code two systems with equal numbers of similar buffer overflow vulnerabilities, I'll grant that you'd exploit the open source one first.

However, the attacker's advantage in exploiting the open source program decreases with the number of non-malicious people that view the code. So the open source security is a function of the number of people there are reviewing the code. It may start off less secure than the closed source one, but become more secure over time.

The closed source one may have fewer people reviewing it, and thus less chance to remove the vulnerabilities. This is especially compounded if the developers believe it's less vulnerable due to being closed source. Prior to XP Service Pack 2, Microsoft had a culture of insecure coding and an insecure review system. They've gotten a lot better because they don't believe what this clown said. They know they have cross hairs on them, and attackers have become very good at probing for vulnerabilities in closed source binaries.